
Kaspersky explains how phishing works

With more channels to carry out their attacks, cybercriminals have been ramping up their phishing efforts to obtain as much personal information as possible. Cybersecurity solutions company Kaspersky dissects how phishing works and how to spot it.

In simple terms, phishing is the act of deceiving unsuspecting victims into revealing personal information to cybercriminals who pose as legitimate organizations or businesses. They often use emails, SMS, or social media to send links for people to click and provide credentials.

(In photo: A fake WeTransfer page used for phishing)


“Cybercriminals follow trends,” says Adrian Hia, managing director for Asia Pacific at Kaspersky. “They know the latest topics they can effectively piggyback on. It’s a social engineering technique that plays on our human minds, that’s why it’s difficult to resist clicking an unknown link, which may eventually turn out to be malicious.”

According to Kaspersky, most of the phishing topics it monitored in 2022 are related to employment compensations, bonuses, and even refunds. It also detected phishing attempts that offer “promotional campaigns by major banks.” 

“Our solutions blocked more than 43 million phishing attacks against our users in Southeast Asia last year,” Hia said. 

How a phishing campaign unfolds

In 2022, Kaspersky experts saw an increase in spear (or targeted) phishing attacks targeting businesses around the world. In addition to typical campaigns consisting of one stage, there were attacks in several stages. In the first email, scammers posing as a potential client ask the victim for information about its products and services. After the victim responds to this email, the attackers start the phishing attack.

Stage 1: Attackers send an email in the name of a real trade organization requesting more information about the victim company’s products. The email text looks plausible and has no suspicious elements, such as phishing links or attachments. A sender’s email address from a free domain, like gmail.com, may raise doubts. 

Stage 2: After victims respond to the first email, attackers send a new message asking them to visit a file-sharing site and view a PDF file with a completed order, accessible via the link.

Stage 3: The user clicks the link to a fake site generated by a well-known phishing kit. It is a relatively simple tool that generates phishing pages to steal credentials from specific resources. Our solutions blocked fake WeTransfer and Dropbox pages created with this kit.

Stage 4: When victims attempt to log in, their usernames and passwords are sent to https://pbkvklqksxtdrfqkbkhszgkfjntdrf[.]herokuapp[.]com/send-mail. 
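One way to triage a mail thread for the four stages above, added here as an example and not taken from Kaspersky: it correlates a link-free first inquiry from a free-mail address with a later message from the same sender that names WeTransfer or Dropbox but links elsewhere. The domain lists, function names and sample thread are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed, illustrative lists (not from the article); tune for your mail flow.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
BRAND_DOMAINS = {"wetransfer": ("wetransfer.com", "we.tl"),
                 "dropbox": ("dropbox.com",)}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)


def brand_mismatches(body):
    """(brand, host) for each link whose host is not a domain of a brand the body names."""
    text, hits = body.lower(), []
    for url in URL_RE.findall(body):
        host = (urlsplit(url).hostname or "").lower()
        for brand, domains in BRAND_DOMAINS.items():
            own = any(host == d or host.endswith("." + d) for d in domains)
            if brand in text and not own:
                hits.append((brand, host))
    return hits


def triage_thread(inbound):
    """inbound: one conversation's received mails, oldest first, as dicts
    with 'from' and 'body'. Returns the stage signals seen, in order."""
    findings, opener = [], None
    for i, msg in enumerate(inbound):
        addr = parseaddr(msg["from"])[1].lower()
        domain = addr.rpartition("@")[2]
        if i == 0 and domain in FREE_MAIL and not URL_RE.search(msg["body"]):
            opener = addr  # Stage 1: clean-looking inquiry from a free-mail address
            findings.append(("stage1_free_mail_inquiry", addr))
        elif i > 0 and addr == opener:
            for brand, host in brand_mismatches(msg["body"]):  # Stages 2-3
                findings.append(("stage2_offbrand_" + brand, host))
    return findings


# Constructed sample thread; names, addresses and hosts are made up.
SAMPLE = [
    {"from": "Example Trade Org <sales.exampletrade@gmail.com>",
     "body": "Please send details of your products and price list."},
    {"from": "Example Trade Org <sales.exampletrade@gmail.com>",
     "body": "Our order is on WeTransfer: https://files-share.example.net/view?id=1"},
]

if __name__ == "__main__":
    for finding in triage_thread(SAMPLE):
        print(finding)
```

Scanning the first message alone finds nothing to block, which is why the check runs over the whole thread; a brand named next to an unrelated legitimate link will also be flagged, so treat hits as triage leads.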

Phishing trends in 2023

Kaspersky predicts that phishing will continue, with cybercriminals posing as banks and large enterprises to lure victims.

Kaspersky has also observed an increase in targeted phishing attacks where scammers don’t proceed to the phishing attack immediately, but only after several introductory emails and active correspondence with the victim.

This trend is likely to continue, and new tricks are also expected to emerge in the corporate sector in 2023, with attacks generating significant profits for attackers.
